Silverlight Authorisation Dataportal LocalProxy

Silverlight Authorisation Dataportal LocalProxy

Old forum URL: forums.lhotka.net/forums/t/11130.aspx


Adalton4 posted on Monday, February 06, 2012

After optimising our DataPortal.Create statements to ProxyModes.LocalOnly where appropriate, we encountered the following:

We had to explicitely add the Permission check to get the same behaviour from the Remote DataPortal, which throws an exception. Without explicitely checking for authorisation, we ended up with a created object who was not saveable.

 

Is this an oversight from my part somewhere, as it would not seem logical to me.

 

Rgds

 

 

 

 

 

 

 

 

 

 

 

 

 

 

public static void CreateRoot(EventHandler<DataPortalResult<SeverityEdit

>> callback)

{

 

 

 

// Explicitly Add Authorisation Check

 

 

 

if (!Csla.Rules.BusinessRules.HasPermission(Csla.Rules.AuthorizationActions.CreateObject, typeof(SeverityEdit

)))

 

 

 

throw new System.Security.SecurityException("UserNotAuthorizedException/" + Csla.Rules.AuthorizationActions.CreateObject.ToString() + "/" + typeof(SeverityEdit

).Name);

 

 

 

//

 

 

 

DataPortal.BeginCreate<SeverityEdit>(callback, DataPortal.ProxyModes

.LocalOnly);

 

 

 

//

 

 

 

//

 

 

 

//DataPortal.BeginCreate<SeverityEdit>(callback, DataPortal.ProxyModes.Auto); // Via the Server Side DataPortal, authorisation is automatic

}

 

 

 

 

 

 

 

public static void

AddObjectAuthorizationRules()

{

 

 

 

BusinessRules.AddRule(typeof(SeverityEdit), new IsInRole(AuthorizationActions

.CreateObject,

 

 

 

Constants

.ROLE_Developer));

}

RockfordLhotka replied on Monday, February 06, 2012

You are saying that the local data portal in Silverlight doesn't automatically check the per-type authorization rules?

Adalton4 replied on Monday, February 06, 2012

Yes,

 

It is possible to create an object via the local dataportal. It isn't saveable, but the behaviour is inconsistent with that of the remote dataportal wich raises an exception.

 

RockfordLhotka replied on Monday, February 06, 2012

OK, I'll add this to the bug list. Thank you!

Copyright (c) Marimer LLC